You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa thunderbird

Sigurnosni nedostaci programskog paketa thunderbird

==========================================================================
Ubuntu Security Notice USN-4045-1
July 01, 2019

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
– thunderbird: Mozilla Open Source mail and newsgroup client

Details:

A type confusion bug was discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could exploit this by causing a denial of service, or
executing arbirary code. (CVE-2019-11707)

It was discovered that a sandboxed child process could open arbitrary web
content in the parent process via the Prompt:Open IPC message. When
combined with another vulnerability, an attacker could potentially exploit
this to execute arbitrary code. (CVE-2019-11708)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  thunderbird                     1:60.7.2+build2-0ubuntu0.19.04.1

Ubuntu 18.10:
  thunderbird                     1:60.7.2+build2-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  thunderbird                     1:60.7.2+build2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  thunderbird                     1:60.7.2+build2-0ubuntu0.16.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
  https://usn.ubuntu.com/4045-1
  CVE-2019-11707, CVE-2019-11708

Package Information:
 
https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.2+build2-0ubuntu0.19.04.1
 
https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.2+build2-0ubuntu0.18.10.1
 
https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.2+build2-0ubuntu0.18.04.1
 
https://launchpad.net/ubuntu/+source/thunderbird/1:60.7.2+build2-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAl0bi7IACgkQYR+97NWU
bg9YGAf/YAYk/lhjbuOnx49IE3hiq18cZIp6/iS7mQzjX/aFhdf5I3m32HXP5ivx
D2xiPA9FzYshOuAXGdwkHlk3Gsv7VcIVatb98RST/QImdp/1icOAzIgOL5XlVk2B
LPB7UN+QO+J70o1HwmNQ+RJaE/4xF1NcVpeuIZIBBejzXS+4KobEcxe9GZqnUz2I
L9jlGL8bszPVbV3aCPSzOreugYaX1BYMKTXn6+6Vszw9jsjFJQMFMs4jXC7hjVyQ
Q5Fjoqc+00EFqb6LTKvBmEtIFXNs298Hfaft/hLIxvDTjNajaQctd5tI3HROgCS7
FVcQgQPxjd+QQqMBDaoidHbzToT3IA==
=kiGa
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libssh2

Otkriveni su sigurnosni nedostaci programske biblioteke libssh2 za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close